3 Answers
3

It means you didn't follow the steps correctly. Make sure the tdeCert exists in select * from master.sys.certificates, as the certificate is created at step 2: CREATE CERTIFICATE tdeCert WITH SUBJECT = ‘TDE Certificate’ and has to exists. You had either skipped a step, or created the certificate in the wrong database, or have a typo in the certificate name (including case on case sensitive servers).

Transparent Data Encryption (TDE) encrypts the database by using a Database Encryption Key (DEK) that is stored in the database boot record. The DEK is in turn protected by the database master key, which is in turn protected by the service master key

Warning: The certificate used for encrypting the database encryption key has not been backed up. You should immediately back up the certificate and the private key associated with the certificate. If the certificate ever becomes unavailable or if you must restore or attach the database on another server, you must have backups of both the certificate and the private key or you will not be able to open the database.

When using TDE, create a backup of the server certificate in the master database. You can use the BACKUP CERTIFICATE statement to create a backup of the certificate and private key, both of which are required for certificate recovery. The private key password does not have to be the same as the database master key password: